Hackers Tunnel In Via DirectShow -- Redmondmag.com

Hackers Tunnel In Via DirectShow

Plus: Obama names fed ITSec chief; QuickTime, iTunes fixed; Twitter users targeted yet again.

By Jabulani Leffall
06/02/2009

As Microsoft steps up its security efforts for its products it seems that hackers are just as fervent in their pursuits.

For the third time in as many months, Microsoft has issued an out of band, critical security advisory for remote code execution exploits on one of its products. This time, there's a bug in DirectShow, meaning that any browser utilizing a multimedia a plug-in relying on DirectShow is also vulnerable.

According to a recent Microsoft Security Response Center blog post, hackers are using malicious QuickTime files to hijack PCs via DirectShow as a conduit.

"The vulnerability could allow remote code execution if [the] user opened a specially crafted QuickTime media file," the company said in the advisory. "Microsoft is aware of limited, active attacks that use this exploit code.

Former Microsoft Security Honcho Joins Feds
The U.S. Department of Homeland Security on Tuesday named former Redmond cyber security manager and policy wonk Phil Reitinger as director of the National Cyber Security Center. Reitinger succeeds Rod Beckstrom and according to the DHS, is charged with "collecting, analyzing, integrating and sharing cybersecurity information across all the federal agencies."

Reitinger, was once both a director and senior security strategist with Microsoft's Trustworthy Computing Security Team, after having been Executive Director of the Department of Defense's Cyber Crime Center.

Reitinger's appointment comes on the heels of a major initiative by the Obama administration to at least scratch the surface in figuring out what domestic and global challenges in IT security are for the public and private sectors.

In that announcement, Obama also announced a new White House position to be filled, called the cybersecurity coordinator. There's no word on how instrumental Reitinger will be in a process that will involve many cooks in the proverbial IT security pro kitchen as the process goes forward.

Apple, RIM Patch Flaws
Apple issued patches for QuickTime and iTunes. The updates, first released on Monday, are designed to remedy at least 10 QuickTime holes and one vulnerability in iTunes. Apple said the flaw transcends the aisle, affecting both Windows and Mac-based versions of QuickTime 7.6.2 and iTunes 8.2.

Research in Motion Ltd. rolled out a patch for another flaw in its BlackBerry Enterprise Server's attachment service. Apparently the snafu with potentially malicious .PDF files continues to plague the hardware marker.

A year ago, RIM issued a similar patch to stop malicious code that was distributed via a cluster of updates to BES systems. Like that patch, the most recent one is designed to fix a bug in BlackBerry's attachment download mechanism, which enables users to open up documents from the mobile device.

As enterprise use of Adobe or other PDF-type files on Blackberry devices grows, this will no doubt be an issue that RIM will continue to grapple with and try to fix every time it occurs.

Twitter "Twoubles" Continue
I'm plumb out of witty "twitterisms" to describe the ongoing security breaches on the popular micro-blogging and social networking site. But incursion incidents are nonetheless still occurring. Late last week, Twitter users were again being duped into disclosing login and password details to a Web site called TwitterCut that takes their information and then spams a given user's "followers" with messages disguised as if they were coming from the compromised user profile.

Security vendor F-Secure opines that the TwitterCut homepage looks so similar to the real login page that users logged in and immediately found out they'd been had.

The hosts of TwitterCut claim they had no ill intent and were instead trying to utilize Twitter as an avenue to create followers quickly and leverage hits and viewership for online ad sales purchases. TwitterCut's creators claim they procured the Twitter login script for 50 bucks. The site has nonetheless been marked by Microsoft and others as a malicious Web Site and will show up in IE and other browsers as such.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.